From: Scott M. <as...@ho...> - 2010-11-04 15:03:35
At 05:10 AM 11/4/2010, Thomas Eckardt wrote:
>
>The second problem
>
>ASSP is looking for the email address of the sender - a DKIM signature
>will be added if a valid DKIM configuration is found for the sending
>domain. So your server has to use a 'FROM:' address with @hollsco.com !

The email definitely has a FROM address. Here is an example header:

Return-Path: in...@do...
Delivered-To: in...@do...
Received: from mail.frogstar.com ([192.168.0.160]) by mail.frogstar.com ; Thu, 4 Nov 2010 02:19:37 -0400
Received: from fs1.netbound.com ([67.159.45.157] helo=frogstar.com) by mail.frogstar.com with ESMTP (2.0.2); 4 Nov 2010 02:19:36 -0400
Received: from FS1 ([192.168.0.161]) by frogstar.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 4 Nov 2010 02:19:36 -0400
From: "Domain Admin" <in...@do...>
To: "Domain Admin" <in...@do...>
Subject: Subject of message
Date: Thu, 04 Nov 2010 02:19:36 -0400
Message-ID: <Frog.5924a9e48a.Frog.59249a2c46.20101104-02193663-2d8@FS1>
MIME-Version: 1.0
Content-Type: text/html
Return-Path: in...@do...
X-OriginalArrivalTime: 04 Nov 2010 06:19:36.0634 (UTC) FILETIME=[412DC9A0:01CB7BE8]

This email, when routed through the IIS SMTP server, does not get a DKIM header added. However, the same email, sent directly to ASSP instead of through the IIS SMTP server, gets the DKIM header added correctly:

Return-Path: in...@do...
Delivered-To: in...@do...
Received: from mail.frogstar.com ([192.168.0.160]) by mail.frogstar.com ; Thu, 4 Nov 2010 02:52:29 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=domain.com; h=Message-ID:From:Subject:To:MIME-Version:Content-Type; s=alpha; bh=Ub+UOLDhHFPhUsX++81Ve9689E4=; b=Frgb9rvA7adGunn0pDVpHMk+FY6cHveJI2ADVvdrAG2s3TPGcFtFQ9zqopJqsP7CrpW8eRDtMgxxwE8WbE8ZlIgv/KfAoOwN8n0sdB+vC5sLBQUXMfMzUq/BLu7hx4CSjMHw4i2RPDO2dQcqyfJsotsmDscWKsdS+lbOBDAkiYI=
Received: from FS1 ([67.159.45.157] helo=FS1) by mail.frogstar.com with ESMTP (2.0.2); 4 Nov 2010 02:52:28 -0400
From: "Domain Admin" <in...@do...>
To: "Domain Admin" <in...@do...>
Subject: Subject of message
Date: Thu, 04 Nov 2010 02:52:29 -0400
Message-ID: <Frog.99248f6996.20101104-02522915-1208@FS1>
MIME-Version: 1.0
Content-Type: text/html

>
>The first one is
>
>
>Set 'DKIMlogging' to diagnostic. In this case assp will do a complete
>reverse check for every created signature. Tell me what assp is logging
>about this.

I did so, and it is showing the signature is OK:

Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78 <tes...@ho...> to: aut...@dk... recipient accepted: aut...@dk...
Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78 <tes...@ho...> to: aut...@dk... [Plugin] calling plugin ASSP_AFC
Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] [MessageOK] 12.34.56.78 <tes...@ho...> to: aut...@dk... message ok [relaxed test] -> d:/assp/notspam/13130.eml
Nov-04-10 10:20:23 [Worker_1] DKIM: Selector = alpha
Nov-04-10 10:20:23 [Worker_1] DKIM: Domain = hollsco.com
Nov-04-10 10:20:23 [Worker_1] DKIM: KeyFile = d:/assp/certs/dkim_private_key_alpha.pem
Nov-04-10 10:20:23 [Worker_1] DKIM: Method = relaxed/relaxed
Nov-04-10 10:20:23 [Worker_1] DKIM: Headers = Message-ID:From:Subject:To:MIME-Version:Content-Type
Nov-04-10 10:20:23 [Worker_1] DKIM: Mode = DKIM
Nov-04-10 10:20:23 [Worker_1] DKIM: Algorithm = rsa-sha1
Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78 <tes...@ho...> to: aut...@dk... info: successful added DKIM-Signature
Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78 <tes...@ho...> to: aut...@dk... DKIM: self signature check: result: pass - detail: pass
Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78 <tes...@ho...> to: aut...@dk... finished message - received size: 0 Byte - sent size: 1.70 kByte
Nov-04-10 10:20:23 [Worker_1] Disconnected: 12.34.56.78 - command list was 'EHLO,AUTH,RSET,MAIL FROM,RCPT TO,DATA,QUIT' - used 11 SocketCalls

However the response still shows a fail:

The results are as follows:
DKIM Signature validation: fail (verification failed)
DKIM Author Domain Signing Practices: "dkim=all"
ADSP is not required for DKIM signature validation.

So I suspect the problem may be on the DNS side, in that the receiving mail server is not getting the key properly from DNS in order to validate the signature?
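
An added example, not part of the original message and not ASSP code: to follow up on the DNS suspicion raised in the message, this Python code derives the TXT name a verifier queries from the signature's s= and d= tags and checks a key record against the signature under the RFC 6376 rules. Only the signature tags come from the post; the TXT records and key bytes are constructed, and the function names are hypothetical.

```python
import base64
import binascii

# Tags copied from the DKIM-Signature header in the post (bh= and b= omitted).
SIG = ("v=1; a=rsa-sha1; c=relaxed/relaxed; d=domain.com; s=alpha; "
       "h=Message-ID:From:Subject:To:MIME-Version:Content-Type")
# Constructed key material, a stand-in for a real public key.
P = base64.b64encode(b"constructed key bytes").decode()

def parse_tags(value):
    """Parse an RFC 6376 tag=value list; folding whitespace in values is dropped."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

def key_record_name(sig):
    """DNS name a verifier queries (TXT) for the public key."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def check_key_record(sig, txt):
    """List the reasons a verifier could not use this TXT record for sig."""
    rec, problems = parse_tags(txt), []
    key_type, hash_alg = sig["a"].split("-", 1)
    if rec.get("v", "DKIM1") != "DKIM1":
        problems.append("unsupported record version")
    if rec.get("k", "rsa") != key_type:
        problems.append("key type does not match a=")
    if "h" in rec and hash_alg not in rec["h"].split(":"):
        problems.append("hash algorithm not permitted by h=")
    if "s" in rec and not {"*", "email"} & set(rec["s"].split(":")):
        problems.append("service type excludes email")
    if "p" not in rec:
        problems.append("no p= tag")
    elif rec["p"] == "":
        problems.append("key revoked (empty p=)")
    else:
        try:
            base64.b64decode(rec["p"], validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

if __name__ == "__main__":
    sig = parse_tags(SIG)
    print("query TXT:", key_record_name(sig))
    for txt in (f"v=DKIM1; k=rsa; p={P}", f"v=DKIM1; h=sha256; p={P}",
                "v=DKIM1; p=", f"v=DKIM1; p={P[:-1]}"):
        print(check_key_record(sig, txt) or "usable", "<-", txt)
```

A record that passes these checks can still fail verification if its p= value does not correspond to the private key used for signing; comparing the published key with the one derived from the private key file is the next step.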